Version 6.3.13 for UNIX
 —  Natural Security  —

Protecting Natural Web I/O Interface Servers

This section only applies to Natural Security on mainframe computers, and the functionality described only applies as of Version 8.2.3.

This section covers the following topics:

A Natural Web I/O Interface server has to be defined in Natural Security only if this server is to use an Integrated Authentication Framework (IAF) server for token validation.

For information about Natural Web I/O Interface servers, see the Natural Web I/O Interface documentation. For information about IAF, see Introduction to the Integrated Authentication Framework in the EntireX Communicator documentation.


IAF Support

If Integrated Authentication Framework (IAF) is installed, a Natural Web I/O Interface server can use an IAF server for token validation.

An IAF server which to be used has to be defined to Natural Security, that is, a security profile has to be created for it, as described under Creating and Maintaining Security Profiles for IAF Servers and LDAP.

In the security profile of the Natural Web I/O Interface server, you activate IAF support by setting the option IAF Support to "Y". When you do so, you will be prompted to select the IAF server to be used by the Natural Web I/O Interface server. If only one IAF server is defined to Natural Security or one of the IAF servers is defined as default server, this one will be used without your being prompted.

Top of page

Components of a Natural Web I/O Interface Server Profile

The following type of screen is the primary profile screen which is displayed when you invoke one of the functions Add, Copy, Modify, Display for the security profile of a Natural RPC server:

21:58:38                    *** NATURAL SECURITY ***                 2012-08-09
                          - Display NatWebio Server -                          
                                                                               
                                             Modified .. 2012-08-08 by ABC
                                                                               
NatWebio Server.... WEBSRV01                       
Description ....... Test environment            
                                                                               
--------------- Options -------------                                          
 IAF support ............... (N,Y): N                                          
                                                                               
                                                                               
                                                                               
                                                                               
                                                                               
                                                                               
                                                                               
                                                                               
                                                                               
Additional Options ... N                                                       
                                                                               
                                                                               
Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12---
      Help  PrevM Exit  AddOp       Flip                                Canc   

The individual items you may define as part of a Natural Web I/O Interface server's security profile are explained below.

Field Explanation
IAF Support This option is used to activate the support of the Integrated Authentication Framework (IAF) for the server:
N IAF support is not active.
Y IAF support is active: The Natural Web I/O Interface server will use an IAF server for token validation.

When you set this option to "Y", you will be prompted to select the IAF server to be used. If only one IAF server is defined to Natural Security or one of the IAF servers is defined as default server, this server will be used without your being prompted. The name of the IAF server assigned is displayed.

To change the assignment, you press PF9 to select another IAF server.

See the section IAF Support above for further information.

Additional Options

If you either mark the field Additional Options with "Y" or press PF4, a window will be displayed from which you can select the following options:

The options for which something has already been specified or defined are marked with a plus sign (+).

You can select one or more items from the window by marking them with any character. For each item selected, an additional window will be displayed:

Additional Option Explanation
Maintenance Information
(display only)
In this window, the following information is displayed:
  • the date and time when the security profile was created, the ID of the administrator who created it, and (if applicable) the IDs of the co-owners who countersigned for the creation;

  • the date and time when the security profile was last modified, the ID of the administrator who made the last modification, and (if applicable) the IDs of the co-owners who countersigned for the modification.

Security Notes   In this window, you may enter your notes on the security profile.
Owners   In this window, you may enter up to eight IDs of administrators. Only the administrators specified here will be allowed to maintain this server security profile.

If no owner is specified, any user of type "Administrator" may maintain the security profile.

For each owner, the number of co-owners whose countersignatures will be required for maintenance permission may optionally be specified in the field after the ID.

For information on owners and co-owners, see the section Countersignatures.

Top of page

Creating and Maintaining Natural Web I/O Interface Server Profiles

This section describes the functions used to create and maintain security profiles for Natural Natural Web I/O Interface servers. It covers the following topics:

Invoking Maintenance for Natural Web I/O Interface Servers

Start of instruction setTo invoke Natural Natural Web I/O Interface server maintenance:

  1. On the Main Menu, select Maintenance.

    A window will be displayed.

  2. In the window, mark the object type Natural Web I/O Interface Server with a character or with the cursor.

    The Natural Web I/O Interface Server Maintenance selection list will be displayed.

  3. From this selection list, you invoke all Natural Web I/O Interface server maintenance functions as described below.

Adding a New Server Profile

To define a Natural Web I/O Interface server to Natural Security, you create a security profile for it.

Start of instruction setTo do so:

  1. In the command line of the Natural Web I/O Interface Server Maintenance selection list, enter the command ADD .

    A window will be displayed.

  2. In this window, enter an ID for the server. This ID corresponds to the server name as specified with the Natural profile parameter RPC (see RPC Server Settings in Natural), and must conform to the naming conventions for Natural RPC servers. Asterisk notation for the server ID is possible, as described under Security Profiles for Natural RPC Servers above.

    After you have entered a valid ID, the Add Natural Natural Web I/O Interface Server screen will be displayed.

    The individual items you may define on this screen and any additional windows that may be part of a server security profile are described under Components of a Natural Web I/O Interface Server Profile above.

When you add a new server profile, the owners specified in your own user security profile are automatically copied into the server security profile.

Selecting Existing Server Profiles for Processing

When you invoke Natural Web I/O Interface Server Maintenance, a list of all Natural Web I/O Interface server profiles that have been defined to Natural Security will be displayed.

If you do not want a list of all existing profiles, but wish only certain servers to be listed, you may use the Start Value option as described in the section Finding Your Way In Natural Security.

On the Main Menu, select Maintenance. A window will be displayed.

In the window, mark the object type Natural Web I/O Interface Server with a character or with the cursor (and, if desired, enter a start value). The Natural Web I/O Interface Server Maintenance selection list will be displayed:

14:49:01                    *** NATURAL SECURITY ***                 2012-08-08
                         - NatWebio Server Maintenance -
 
 Co NatWebio Server                 Description           Message
 __ _______________________________ _____________________ _____________________
 __ WIOS01                          Web IO server 01      
 __ WIOS02                          Web IO server 02      
 __ WIOS11EST                       Test server 11
 __ * NatWebIO server default *     Default Server ID
                          
 
                
                            
 
 
 
 
 
 


Command ===>
Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12---
Help        Exit              Flip  -     +                       Canc   

For each server, the server ID is displayed.

The list can be scrolled as described in the section Finding Your Way In Natural Security.

Selecting a Function

The following maintenance functions are available for Natural Web I/O Interface server profiles (possible code abbreviations are underlined):

Code Function
CO Copy server profile
MO Modify server profile
RE Rename server profile
DE Delete server profile
DI Display server profile

To invoke a function for a server profile, mark the server with the appropriate function code in column Co.

You may select various server profiles for various functions at the same time; that is, you can mark several servers on the screen with a function code. For each server marked, the appropriate processing screen will be displayed. You may then perform the selected functions for one server profile after another.

Copying a Server Profile

The Copy Server Profile function is used to define a new Natural Web I/O Interface server to Natural Security by creating a security profile which is identical to an already existing one.

What is Copied?

All components of the existing security profile will be copied into the new security profile - except the owners (these will be copied from your own user security profile into the new server security profile).

Any links from users to the existing server will not be copied.

How to Copy

On the Natural Web I/O Interface Server Maintenance selection list, mark the server whose security profile you wish to duplicate with function code CO.

A window will be displayed. In the window, enter the ID of the new server. The ID corresponds to the server name as specified with the Natural profile parameter RPC (see RPC Server Settings in Natural), and must conform to the naming conventions for Natural RPC servers. Asterisk notation for the server ID is possible, as described under Security Profiles for Natural RPC Servers above.

After you have entered a valid ID, the new security profile will be displayed.

The individual components of the security profile you may define or modify are described under Components of a Natural Web I/O Interface Server Profile above.

Modifying a Server Profile

The Modify Server Profile function is used to change an existing Natural Web I/O Interface server security profile.

On the Natural Web I/O Interface Server Maintenance selection list, you mark the server whose security profile you wish to change with function code MO. The security profile of the selected server will be displayed.

The individual components of the security profile you may define or modify are described under Components of a Natural Web I/O Interface Server Profile above.

Renaming a Server Profile

The Rename function allows you to change the server ID of an existing Natural RPC server security profile.

On the Natural RPC Server Maintenance selection list, you mark the server whose ID you wish to change with function code RE. A window will be displayed in which you can enter a new ID for the server profile.

The ID corresponds to the server name as specified with the Natural profile parameter RPC (see RPC Server Settings in Natural), and must conform to the naming conventions for Natural RPC servers. Asterisk notation for the server ID is possible, as described under Security Profiles for Natural RPC Servers above.

Deleting a Server Profile

The Delete Server Profile function is used to delete an existing Natural Web I/O Interface server security profile.

On the Natural Web I/O Interface Server Maintenance selection list, you mark the server whose profile you wish to delete with function code DE. A window will be displayed.

If you mark more than one server profile with DE, a window will be displayed in which you are asked whether you wish to confirm the deletion of each server security profile with entering the server ID, or whether all server profiles selected for deletion are to be deleted without this individual confirmation. Be careful not to delete a server profile accidentally.

Displaying a Server Profile

The Display Server Profile function is used to display an existing Natural Web I/O Interface server security profile.

On the Natural Web I/O Interface Server Maintenance selection list, you mark the server whose security profile you wish to view with function code DI. The security profile of the selected server will be displayed.

The individual components of the security profile are explained under Components of a Natural Web I/O Interface Server Profile above.

Top of page